CVE-2020-16858

Name of the Vulnerable Software and Affected Versions: Microsoft Dynamics 365 (on-premises) (affected versions not specified)

Description: A cross-site scripting issue exists due to insufficient protection of the web page structure. This could allow a remote attacker to perform cross-site scripting attacks using a specially crafted request. The attacker could then run scripts in the security context of the current authenticated user, potentially allowing them to read unauthorized content, take actions on behalf of the user, such as changing permissions and deleting content, and inject malicious content into the user's browser.

Recommendations: For Microsoft Dynamics 365 (on-premises), apply the security update that addresses the vulnerability by ensuring Dynamics Server properly sanitizes web requests. As a temporary workaround, consider restricting access to sensitive areas of the application to minimize the risk of exploitation.